New Year. New Challenges. New Security
Microsoft announced that Exchange Online will block old Exchange Servers by throttling and then rejecting their inbound email into Exchange Online. The hope is that this tactic will convince those who operate unsupported versions of Exchange Server to upgrade and use supported software that isn't vulnerable to known attack vectors.
Conditional Access policies are one of Microsoft's most versatile and flexible security features ever built. However, there’s one area that Conditional Access can help you protect that isn’t as well known—using IP restrictions to control where a specific app can be used.
In the third and final article in a series covering Git-based Source Control for Microsoft 365 Tenant Admins, Andy Schnieder covers how to leverage tools to streamline your workflow with Git and gain insight into some useful advanced techniques.
In this week's show, Steve and Paul discuss Microsoft 365 Copilot. Not a sat-nav for your car, powered by the Microsoft Cloud, but an AI assistant that can help people with their daily tasks using OpenAI technologies. And nearly an episode doesn't go by without Exchange patches - but this time the Outlook issues could be pretty serious, so make sure you take a listen. Talking of Outlook - authenticator comes to mobile Outlook - is it a good thing? Plus much more..
On March 16, Microsoft launched its latest AI-powered innovation in Microsoft 365 CoPilot, aimed at using AI to remove the drudgery of many Office tasks. We don't know when the new capabilities will be available or what they will cost. The demos looked wonderful, but how things work out when exposed to real users is an entirely different manner. Time will tell!
The best hybrid Active Directory and Microsoft 365 security experts are going on the road to bring our European friends a taste of The Experts Conference (TEC). Join us in London (17 April), Paris (19 April), and Frankfurt (21 April) for unmatched advice from experts such as Tony Redmond, Steve Goodman, and more!
Among the latest set of patches released by Microsoft, a fix for CVE-2023-23397 is available to fix an NTLM vulnerability in Outlook for Windows clients. The update closes a hole where attackers can use specially formatted messages to force NTLM credentials to be sent outside the organization.
Microsoft 365 tenant administrators might want to know when user accounts receive a specific license. Unhappily, Azure AD license assignment dates can mislead, so some interpretation and personal knowledge might be needed to find out just when a user was licensed.
As organizations move to the cloud, on-premises environments (and their security) are put in the background as the focus shifts to the cloud. Nevertheless, most organizations I know are in a hybrid scenario where the on-premises environment holds the master data and synchronizes everything into Azure Active Directory. This blog explores how an on-premises environment is connected to the cloud and how an attacker might move from on-premises to the cloud laterally.
Many Microsoft 365 and Exchange Server logs contain IP addresses. To find out where the IP addresses come from and if they are internal or external, PowerShell developers can use online web-based geolocation services. It's important not to overuse the services because you could be throttled.
Managing Office updates is one of those thankless tasks, like taking out the recycling, that is sometimes wearisome but contributes to making the world a better place. This article covers how you can keep track of these updates, and what can go wrong if you don't.
Azure AD system-preferred authentication means that users must use their strongest authentication method when they sign-into Azure AD. The change emphasizes the desirability of strong authentication methods over weak. Now in preview, Microsoft plans to make the policy effective for everyone in July 2023.
